Rate Limiting

UTB API rate limiting policies

Current Rate Limits

Our API currently implements a single rate limit: 100 requests per 60-second sliding window. The headers defined below give up-to-date information on this rate limit, including the remaining request count and the time until a new request can be sent after the limit is exceeded.

The rate limits are subject to change in the future. If there are any changes, they will be documented here and the RateLimit-Policy header will always return the current rate limit details.

Rate Limit Headers

We are following the IETF standard as it is developed and have implemented the header specification in draft 7. We will be returning 3 headers pertaining to rate limits.

RateLimit

The RateLimit header contains current state information about the rate limit. If there are multiple rate limits on the endpoint, it will return the current state of the rate limit with the least remaining requests. The header should always be returned by the server.

The header value contains 3 key/values:

  • limit - The max number of requests in the window
  • remaining - The number of requests remaining in the window
  • reset - The number of seconds until the window has reset

RateLimit: limit=100, remaining=98, reset=60

NOTE: The reset key displays a static value equal to the current window length while the limit has not been exceeded. Once the limit is exceeded, it instead displays the number of seconds until at least one more request is available from the sliding window.

RateLimit-Policy

The RateLimit-Policy header contains a list of all rate limits in place for the endpoint. If there are multiple policies in place, the policies will be comma separated. The header should always be returned by the server.

The policy will follow this format:

  1. The first item (with no identifier) - The max number of requests in the window
  2. Key w - The length of the window in seconds
  3. Key comment - Comments about the policy such as defining the window type

RateLimit-Policy: 100;w=60;comment="sliding window"

Retry-After

The Retry-After header contains the number of seconds the client should wait before trying the request again. This header is only returned when the rate limit has been exceeded and the HTTP response code is 429. This value will always match the reset value from the RateLimit header.

Retry-After: 29
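
A client-side sketch of how the three headers above can be parsed and turned into a back-off decision. This is an added example, not code from the UTB API or its SDKs; the function names and the sample header values are hypothetical, and it assumes policy comments contain no semicolons.

```python
import re

def parse_ratelimit(value):
    """Parse 'limit=100, remaining=98, reset=60' into a dict of ints."""
    state = {}
    for item in value.split(","):
        key, sep, val = item.strip().partition("=")
        if not sep or not val.strip().isdigit():
            raise ValueError(f"malformed RateLimit item: {item!r}")
        state[key.strip()] = int(val)
    missing = {"limit", "remaining", "reset"} - state.keys()
    if missing:
        raise ValueError(f"RateLimit header missing keys: {sorted(missing)}")
    return state

# Split only on commas outside double quotes, so a comma in a comment survives.
_POLICY_SPLIT = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def parse_policy(value):
    """Parse '100;w=60;comment="sliding window"' (comma separated if several)."""
    policies = []
    for entry in _POLICY_SPLIT.split(value):
        first, *params = [p.strip() for p in entry.split(";")]
        policy = {"limit": int(first)}  # first item has no identifier
        for param in params:
            key, _, val = param.partition("=")
            val = val.strip('"')
            policy[key] = int(val) if key == "w" else val
        policies.append(policy)
    return policies

def seconds_to_wait(status, headers):
    """Return how long the client should pause before its next request."""
    if status == 429:
        # Retry-After is only sent with a 429 and matches the reset value.
        return int(headers["Retry-After"])
    state = parse_ratelimit(headers["RateLimit"])
    # While requests remain, reset is the static window length: do not sleep on it.
    # At remaining == 0 it is still a safe upper bound for a sliding window.
    return state["reset"] if state["remaining"] == 0 else 0

# Constructed sample response headers (not captured from the real API).
SAMPLE_OK = {"RateLimit": "limit=100, remaining=98, reset=60"}
SAMPLE_429 = {"RateLimit": "limit=100, remaining=0, reset=29", "Retry-After": "29"}

if __name__ == "__main__":
    print(seconds_to_wait(200, SAMPLE_OK), seconds_to_wait(429, SAMPLE_429))
```

Failing closed on a malformed RateLimit value keeps a client from silently treating a broken header as "unlimited".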